Compliance > Kubernetes > CIS - GKE 1.2.0 > Worker Node Security Configuration >

Worker Node Configuration Files

N/A

Source

Kube Bench

ID

3.1

Version

gke-1.2.0

3.1 Worker Node Configuration Files

3.1.1 Ensure that the proxy kubeconfig file permissions are set to 644 or more restrictive (Manual)

Recommended Action

Run the below command (based on the file location on your system) on each worker node. For example, chmod 644 $proxykubeconfig

3.1.2 Ensure that the proxy kubeconfig file ownership is set to root:root (Manual)

Recommended Action

Run the below command (based on the file location on your system) on each worker node. For example, chown root:root $proxykubeconfig

3.1.3 Ensure that the kubelet configuration file permissions are set to 644 or more restrictive (Manual)

Recommended Action

Run the following command (using the config file location identied in the Audit step) chmod 644 /var/lib/kubelet/config.yaml

3.1.4 Ensure that the kubelet configuration file ownership is set to root:root (Manual)

Recommended Action

Run the following command (using the config file location identied in the Audit step) chown root:root /etc/kubernetes/kubelet.conf

Aqua Container Security

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.

Copyright © 2023 Aqua Security Software Ltd. Privacy Policy | Terms of Use